Whitelist enabled,tainted

Puffo19 · December 19, 2023, 8:59pm

Hello together,

as a newby, I try to get crowdsec running on my system via docker. I used the docker compose file with some small adaptions for my volumes.

First of all I want to add my local IP range to a whitelist so I don’t get banned. Therefore I tired to add my IP range to follwoing file: etc/crowdsec/parsers/s02-enrich/whitelists.yaml

But if I change only one IP address in the file it shows me as tainted. I also tried just for testing to repalce a 0 with a 1. The same result

> cscli parsers list
> 
> PARSERS
> ───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
>  Name                                     📦 Status                    Version   Local Path                                                    
> ───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
>  crowdsecurity/cri-logs                   ✔️ enabled                    0.1       /etc/crowdsec/parsers/s00-raw/cri-logs.yaml                   
>  crowdsecurity/dateparse-enrich           ✔️ enabled                    0.2       /etc/crowdsec/parsers/s02-enrich/dateparse-enrich.yaml        
>  crowdsecurity/docker-logs                ✔️ enabled                    0.1       /etc/crowdsec/parsers/s00-raw/docker-logs.yaml                
>  crowdsecurity/geoip-enrich               ✔️ enabled                    0.2       /etc/crowdsec/parsers/s02-enrich/geoip-enrich.yaml            
>  crowdsecurity/http-logs                  ✔️ enabled                    1.2       /etc/crowdsec/parsers/s02-enrich/http-logs.yaml               
>  crowdsecurity/nginx-logs                 ⚠️ enabled,update-available   1.4       /etc/crowdsec/parsers/s01-parse/nginx-logs.yaml               
>  crowdsecurity/nginx-proxy-manager-logs   ✔️ enabled                    0.2       /etc/crowdsec/parsers/s01-parse/nginx-proxy-manager-logs.yaml 
>  crowdsecurity/sshd-logs                  ✔️ enabled                    2.2       /etc/crowdsec/parsers/s01-parse/sshd-logs.yaml                
>  crowdsecurity/syslog-logs                ✔️ enabled                    0.8       /etc/crowdsec/parsers/s00-raw/syslog-logs.yaml                
>  crowdsecurity/whitelists                 ⚠️ enabled,tainted            ?         /etc/crowdsec/parsers/s02-enrich/whitelists.yaml              
>  mywhitelist.yaml                         🏠 enabled,local                       /etc/crowdsec/parsers/s01-parse/mywhitelist.yaml              
> ───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Does anybody have a clue what went wrong?

Thanks a lot in advance,
Martin

iiAmLoz · December 20, 2023, 8:55am

You can read what tainted means in the context of a parser (whitelist) here

Puffo19 · December 21, 2023, 10:28am

Ok, good idea , thanks a lot.

Topic		Replies	Views
Crowdsec Whitelist won't work crowdsec	4	372	October 25, 2024
Server ban it self with http-crawl-non_statics error crowdsec	2	961	December 6, 2021
My ip is in the decisions list	6	627	February 20, 2024
Crowdsec IP whitelist for Bunny CDN crowdsec	1	260	October 14, 2024
Ipset, performance, whitelist, api, dashboard, postfix logs crowdsec	4	1207	October 16, 2020

Whitelist enabled,tainted

Related topics